在代码中需要帮助来检查用户名和密码 [英] need help in code for checking username and password

问题描述

大家好



我写了一个选择查询来从数据库中获取用户名和密码



现在我想检查用户名和密码是否正确，如果是正确的话会做一些操作



请告诉我怎么写代码



谢谢你

Hi all

I wrote a select query to get the username and password from database

now i want to check whether the username and password is correct or not and if it is correct then will do some operation

please tell me how to write the code

Thank you

推荐答案

你可以做类似下面的事情

选择用户名和PWD变成变量然后验证它们



首先检查数据库中是否存在用户名，

如果是，则全部获取像ROLE，EMAIL ID ETC这样的项目，并将它们存储到Session变量中，以便它们可以通过网站使用。



您可以修改以下内容以适合您需要。

You can do something like the below
Select the Username and PWD into variables and then validate them

First check if the Username exists in the the database,
If YES, the get all items like ROLE, EMAIL ID ETC and the store them into a Session variable so that they can be used through out the website.

you can modify the below to suit you need.

Sub validateuser()
       Try
           sqlcon = New OleDbConnection(constr)
           sqlcon.Open()
           sqlcmd = New OleDbCommand("SELECT COUNT(*) FROM att_userrole WHERE username = '" + Login1.UserName + " AND password = '" + Login1.Password + "'", sqlcon)
           retval = sqlcmd.ExecuteScalar
           If retval = 1 Then
               sqlcmd = New OleDbCommand("SELECT role, emailid FROM att_userrole WHERE username = '" + Login1.UserName + "'", sqlcon)
               sqlrdr = sqlcmd.ExecuteReader()
               sqlrdr.Read()
               Session("username") = Login1.UserName
               getrole = (sqlrdr.Item("role"))
               Session("userrole") = getrole
               getemail = (sqlrdr.Item("emailid"))
               Session("reqemailid") = getemail
               Response.Redirect("~\Home.aspx")
               'Response.Write("you are valid " & Session("username") & " with role " & getrole)
           Else
               'IF USERNAME IS INVALID
               '-----YOUR CODE GOES HERE----
              lbl_msg.Text = ("Invalid login attmept")

           End If
       Catch ex As Exception
           lbl_msg.Text = ex.Message.ToString
       End Try
   End Sub

希望这有帮助

Hope this helps

你永远不应该从中检索密码DB（即做一个SELECT和gett它背后的前端代码）！始终传递输入的用户名&密码到服务器端，它将在查询中将它们传递给DB，如果匹配则返回结果。类似于：

You should never retrieve the password from DB (i.e. doing a SELECT and getting it to frontend code behind)! Always pass on the entered username & password to server side which will pass them to DB in a query and get back the result if it matches. Something like:

SELECT
  Count(ID)
FROM
  MstUsers
WHERE
  Username = @username AND
  Password = @password

如果计数大于零，您就知道组合是正确的。如果需要，您可以检索除计数之外的任何其他信息。

If the count is greater then zero, you know the combination is correct. You can retrieve any other information other then count if you need.

这篇关于在代码中需要帮助来检查用户名和密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！